
RE: nnets & crypto





IMHO etc., *any* time there is an application involving pattern-matching and analysis of complex in->out 
relations/functions there is a possible application of NN's.  That's not to say that a particular application 
would be a panacea, but designed properly I think an NN could be of value in differential crypto, discovering 
crypto-weak (i.e. strong) correlations between in->out, etc.  My intuition says there is or can be value as a 
tool for the cryptanalyst.

I would also not discount the use of NN's in ENcrypting, given the capability of NN's realizing (almost) any 
arbitrary, nonlinear function from in->out. 

Caveat: practical considerations not accounted for in these opinions. 



>Date: Fri, 10 Nov 1995 11:52:41 -0800
>From: Bill Stewart <[email protected]>
>Subject: Re: coding and nnet's

>Schneier's 2nd edition says "Neural nets aren't terribly useful for
>cryptography, primarily because of the shape of the solution space.

>Neural nets work best for problems that have a continuity of
>solutions, some better than others. This allows a neural net to
>learn, proposing better and better solutions as it does. Breaking an
>algorithm provides for very little in the way of learning
>opportunities: You either recover the key or you don't. (At least
>this is true if the algorithm is any good.)

Has anyone tried using neural nets or similar techniques for
searching for useful nonrandom properties of the round functions of
block ciphers or hash functions?  This might be useful in trying to
prepare some new kind of attack, find a balanced binary function
that is useful in using the generalization of linear cryptanalysis
discussed by Harpes, Kramer, and Massey at Eurocrypt '95, find a
better "difference" function for use in a differential attack, etc.

>Neural nets work well
>in structured environments when there is something to learn, but not
>in the high-entropy, seemingly random world of cryptography." And he
>doesn't give any references.

Merkle's paper on Khufu and Khafre addresses this idea, I think.
Merkle comments that it's not going to be useful against a full
cipher, but that it might be useful against (say) Khufu with one or
two octets.

>#				Thanks;  Bill
># Bill Stewart, Freelance Information Architect, [email protected]
># Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, [email protected]
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36
